package com.school.filter;

import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import java.io.IOException;

/**
 * @ /* 是拦截所有请求
 */
@WebFilter("/*")
public class SqlFieldRegexFielter implements Filter {

    public void init(FilterConfig filterConfig) throws ServletException {
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        // request的参数只读不能修改的
        // 使用自定义的代理类XssHttpServletRequestWraper来拦截请求参数
        XssHttpServletRequestWraper xssRequest = new XssHttpServletRequestWraper((HttpServletRequest) servletRequest);
        // filterChain往下传递到后面的filter或者servlet
        filterChain.doFilter(xssRequest, servletResponse);
    }

    public void destroy() {
    }
}